Problem Statement: I want to give users permission to run an EC2 instance with Tags only, but I can't restrict the user from running more than one EC2 instance at a time.
Hello Community,
Would it be possible to delete all old EC2 instances if the user launches a new EC2 box? Or restrict the user from running more than one instance (the second point is not a feasible solution).
I want to give users AWS GUI and CLI access to perform the task.
Can someone suggest some solution to this problem?
Thanks in Advance.
CodePudding user response:
I want to give users permission to run an EC2 instance with Tags only
For this you can craft an IAM policy as exemplified in the AWS docs:
Would it be possible to delete all old EC2 instances, if the user launches a new EC2 box?
This requires a custom solution. For example, you can set up an AWS CloudTrail trail that triggers a Lambda function (through AWS EventBridge) on the ec2:RunInstances API call. The Lambda function would check the ownership of the instance being launched, how many instances the given user has at present, and terminate the pre-existing ones.
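An added example of the Lambda handler the answer sketches; it is not code from the original post. It assumes two things the post does not state: the IAM policy forces every RunInstances call to carry an `Owner` tag equal to the caller's IAM user name, and the EventBridge rule forwards CloudTrail's "AWS API Call via CloudTrail" events for `ec2.amazonaws.com` / `RunInstances`. The `FakeEC2` client and `SAMPLE_EVENT` are constructed stand-ins so the logic runs offline; in Lambda, `handler` is called with the real event and creates a boto3 client itself.

```python
# Added example: EventBridge -> Lambda handler that terminates a user's
# pre-existing EC2 instances when that user launches a new one.
# Assumptions (not in the original post): the IAM policy forces an "Owner"
# tag equal to the caller's user name on RunInstances, and the EventBridge
# rule matches CloudTrail RunInstances events from ec2.amazonaws.com.
from typing import Any, Dict, List

OWNER_TAG = "Owner"  # assumed tag key the IAM policy requires on launch
LIVE_STATES = ["pending", "running", "stopping", "stopped"]


def caller_name(detail: Dict[str, Any]) -> str:
    """Principal name from CloudTrail's userIdentity block: IAM users carry
    userName; assumed roles carry only an ARN whose last element is the
    session name."""
    ident = detail["userIdentity"]
    return ident.get("userName") or ident["arn"].rsplit("/", 1)[-1]


def launched_instance_ids(detail: Dict[str, Any]) -> List[str]:
    """Instance IDs created by this RunInstances call; empty if the call
    failed (CloudTrail records failures with an errorCode and no response)."""
    if detail.get("errorCode"):
        return []
    items = detail.get("responseElements", {}).get("instancesSet", {}).get("items", [])
    return [i["instanceId"] for i in items]


def owned_instances(ec2, owner: str) -> List[str]:
    """All not-yet-terminated instances tagged OWNER_TAG=owner."""
    resp = ec2.describe_instances(Filters=[
        {"Name": f"tag:{OWNER_TAG}", "Values": [owner]},
        {"Name": "instance-state-name", "Values": LIVE_STATES},
    ])
    return [i["InstanceId"] for r in resp["Reservations"] for i in r["Instances"]]


def handler(event: Dict[str, Any], context: Any = None, ec2=None) -> Dict[str, Any]:
    """Lambda entry point: terminate the caller's instances that predate
    the launch recorded in this event. `ec2` is injectable for testing."""
    if ec2 is None:  # real client only when nothing was injected
        import boto3
        ec2 = boto3.client("ec2")
    detail = event["detail"]
    owner = caller_name(detail)
    new_ids = set(launched_instance_ids(detail))
    if not new_ids:  # failed launch: nothing was created, so change nothing
        return {"owner": owner, "terminated": []}
    stale = sorted(i for i in owned_instances(ec2, owner) if i not in new_ids)
    if stale:
        ec2.terminate_instances(InstanceIds=stale)
    return {"owner": owner, "terminated": stale}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client (offline test only)."""
    def __init__(self, instances):
        self.instances = instances  # list of (instance_id, owner, state)
        self.terminated: List[str] = []

    def describe_instances(self, Filters):
        want = {f["Name"]: set(f["Values"]) for f in Filters}
        owners, states = want[f"tag:{OWNER_TAG}"], want["instance-state-name"]
        hits = [{"InstanceId": i} for i, o, s in self.instances
                if o in owners and s in states]
        return {"Reservations": [{"Instances": hits}]}

    def terminate_instances(self, InstanceIds):
        self.terminated.extend(InstanceIds)
        return {"TerminatingInstances": [{"InstanceId": i} for i in InstanceIds]}


# Constructed event in the shape EventBridge delivers for a CloudTrail call.
SAMPLE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "responseElements": {"instancesSet": {"items": [
            {"instanceId": "i-0new0000000000003"}]}},
    },
}


def demo():
    """Run the handler against constructed inventory; returns (result, terminated)."""
    ec2 = FakeEC2([
        ("i-0old0000000000001", "alice", "running"),
        ("i-0old0000000000002", "alice", "stopped"),
        ("i-0new0000000000003", "alice", "pending"),      # the one just launched
        ("i-0bob0000000000004", "bob", "running"),        # other user: untouched
        ("i-0gone000000000005", "alice", "terminated"),   # already dead: skipped
    ])
    return handler(SAMPLE_EVENT, None, ec2), ec2.terminated


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: CloudTrail delivers the event to EventBridge with some delay, so the new instance will already be running when the old ones are terminated, and two launches in quick succession both survive until the later event is processed. The check also only holds if the user cannot retag instances, so the IAM policy that requires `aws:RequestTag/Owner` on `ec2:RunInstances` should not grant `ec2:CreateTags` or `ec2:DeleteTags` on existing instances, and the Lambda's execution role needs `ec2:DescribeInstances` and `ec2:TerminateInstances`.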